[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] mgetgroups: do not write bytes beyond end of malloc'd buffer
From: |
Jim Meyering |
Subject: |
[PATCH] mgetgroups: do not write bytes beyond end of malloc'd buffer |
Date: |
Thu, 10 Dec 2009 12:19:19 +0100 |
FYI, without this patch, coreutils' "./id" would have written past
end-of-malloc'd buffer when using the latest from gnulib:
>From 51d5e813e9ee6cf23af6c3e96082dc6ecd46d194 Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Thu, 10 Dec 2009 12:17:19 +0100
Subject: [PATCH] mgetgroups: do not write bytes beyond end of malloc'd buffer
* lib/mgetgroups.c: Fix an off-by-one error. When we have no
username, we call getgroups with a one-element-shorter buffer,
but still told it the length was original, max_n_groups.
---
ChangeLog | 7 +++++++
lib/mgetgroups.c | 3 ++-
2 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4b150e0..c656180 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-12-10 Jim Meyering <address@hidden>
+
+ mgetgroups: do not write bytes beyond end of malloc'd buffer
+ * lib/mgetgroups.c: Fix an off-by-one error. When we have no
+ username, we call getgroups with a one-element-shorter buffer,
+ but still told it the length was original, max_n_groups.
+
2009-12-09 Eric Blake <address@hidden>
cloexec: relax license
diff --git a/lib/mgetgroups.c b/lib/mgetgroups.c
index 89d1618..0f853d6 100644
--- a/lib/mgetgroups.c
+++ b/lib/mgetgroups.c
@@ -141,7 +141,8 @@ mgetgroups (char const *username, gid_t gid, gid_t **groups)
ng = (username
? getugroups (max_n_groups, g, username, gid)
- : getgroups (max_n_groups, g + (gid != (gid_t) -1)));
+ : getgroups (max_n_groups - (gid != (gid_t) -1),
+ g + (gid != (gid_t) -1)));
if (ng < 0)
{
--
1.6.6.rc1.319.g9b57d
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] mgetgroups: do not write bytes beyond end of malloc'd buffer,
Jim Meyering <=